Sessions Logout

[jandrews3]

I'm a high school Spanish teacher and have designed a website for students to login with session protected security to their own profiles so I can track their work. However, I need to ensure a student logoff ability beyond that of just quitting the web browser. Below is the code I have put at the top of all "secured" pages. Is there a way I can put a link (a logout button) which will delete the $_SERVER['PHP_AUTH_PW'] variable and would therefore require any other users who sit down to that computer to re-enter a password (i.e. - their own)? Thank you!

session_start();
$link = mysql_connect("ositowebsolutions.com","ositoweb","******") or die("Could not connect: ".mysql_error());
        mysql_select_db("my_database")or die("Could not select database: ".mysql_error());

  $query = "SELECT * FROM chs_students WHERE uname = '{$_SERVER['PHP_AUTH_USER']}' and pword = '{$_SERVER['PHP_AUTH_PW']}'";
  $result = mysql_query($query) or die("Could not perform query: ".mysql_error());
$row = mysql_fetch_array($result);
$uname = $row['uname'];
$pword = $row['pword'];
$id = $row['id'];


if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
    || !($_SERVER['PHP_AUTH_USER'] == $uname && $_SERVER['PHP_AUTH_PW'] == $pword))
{
    header('WWW-Authenticate: Basic realm="Authorization Required!"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required!';
    exit;
}

 

 

[smerny]

just link to a page called logout.php

 

on that page you can unset the session variables:

 

session_start();

unset($_SESSION['studentID']);
unset($_SESSION['studentName']);

for example

[jandrews3]

I'm sorry. I'm perpetually a beginner. I created a link that returned the user to the home page with the variable logout=true. Then on the home page, I added ...

<?
if ($logout = "true"){
session_start();

unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
}

because those are the two session variables used. However, it didn't work for me. I realize I'm probably not using the right variables there. Given the posting I made earlier, can you help with the unset variables? Thank you.

[ignace]

http://us3.php.net/manual/en/features.http-auth.php scroll down to example #3

[jandrews3]

Thank you but I'm afraid that example doesn't quite fit what I'm trying to do. After the student "logs out" I want the browser to go back to the home page which does NOT require a username or password to view (think of it like a bank's homepage - you only need to password to see the sensitive stuff).

 

What I'm trying to do is to send the browser back to the homepage and clear out the session variables so that the next time a student clicks the "login" button, it will act as if there is no session in place. I don't know. This may not be possible. The coding that SMERNY gave me looks promising but I'm messing up the variables somehow. Can anyone help me? Thank you.

[waynew]

logout.php

 

session_start();
session_destroy();

header('Location: index.php?logged_out=Y');
exit;

[smerny]

It's because you aren't actually using session variables... I know what you're doing is a different way of doing it, but I am not exactly familiar with it... I would have used session variables... like

 

$_SESSION['user'] = $user;

$_SESSION['pw'] = $pw;

 

and then you could unset them with

 

unset($_SESSION['user']);

unset($_SESSION['pw']);

 

but again, I'm unfamiliar with the way you are doing it.

[waynew]

It's because you aren't actually using session variables... I know what you're doing is a different way of doing it, but I am not exactly familiar with it...

 

He should be using sessions with those server variables.